Exploiting the CrowdStrike Outage: Stay Vigilant Against Threat Actors

  Courtney Pereira | 07/20/2024

Earlier today, a major tech outage disrupted various industries such as healthcare, travel, and finance on a global scale. This disruption was caused by an automatic update to CrowdStrike’s Falcon Windows agent, which led to a crash loop on Windows systems, resulting in a persistent Blue Screen of Death. This was not a result of a security breach or a cyberattack.

That said, the outage has provided an unfortunate opportunity for threat actors to exploit the situation. As organizations worldwide rely on CrowdStrike for endpoint security, this disruption has created a fertile ground for cybercriminals to launch malicious campaigns, posing significant risks to both individuals and businesses.

The Emergence of Malicious Domains

In the wake of the CrowdStrike outage, threat actors have been quick to register new domains, masquerading as legitimate resources to exploit users’ concerns. These domains are designed to deceive users into believing they offer solutions to the outage, while in reality, they are conduits for malware and phishing attacks.

Here are some of the newly registered domains to be wary of:

  • crowdstrikebluescreen.com
  • crowdstrike0day.com
  • crowdstrike-bsod.com
  • crowdstrikedoomsday.com
  • crowdstrikefix.com
  • crowdstrikedown.site
  • crowdstriketoken.com
  • crowdstrikeupdate.com
  • crowdstrike-helpdesk.com

The Threat Landscape

Malware Disguised as Fixes

Cybercriminals are adept at exploiting fear and urgency. In this instance, they are distributing malware disguised as software to “fix” the CrowdStrike issue. These malicious programs can compromise your system, steal sensitive data, and provide unauthorized access to your network. Always verify the source of any software before downloading and installing it on your systems.

Phishing Pages

In addition to malware, malicious actors are setting up phishing pages that mimic legitimate CrowdStrike support sites. These pages are designed to capture your login credentials, personal information, and other sensitive data. Phishing attacks remain one of the most common and effective methods for cybercriminals to gain unauthorized access to systems and networks.

Indicators of Compromise (IoCs)

Awareness of these IoCs is crucial for identifying and mitigating potential threats:

  • crowdstrikebluescreen.com: Posing as a site offering solutions to blue screen issues.
  • crowdstrike0day.com: Claiming to provide zero-day fixes.
  • crowdstrike-bsod.com: Another blue screen solution site.
  • crowdstrikedoomsday.com: Implying catastrophic consequences if their “fix” is not applied.
  • crowdstrikefix.com: A general fix-it site.
  • crowdstrikedown.site: Implying a status update or fix for the downtime.
  • crowdstriketoken.com: Possibly targeting token-based authentication.
  • crowdstrikeupdate.com: Pretending to offer necessary updates.
  • crowdstrike-helpdesk.com: Faking a helpdesk service.
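One way to put the list above to work on the defensive side is to sweep DNS query logs for it. The following is an added example, not code from the original post or from Cyvatar: it matches queried names against the nine domains listed here and, going one step beyond the list, also flags any unlisted name that carries the brand string once hyphens are stripped. The log format is constructed for the example, and crowdstrike.com is assumed to be the only legitimate apex the check trusts.

```python
# Lookalike domains named in the post.
LOOKALIKE_DOMAINS = {
    "crowdstrikebluescreen.com", "crowdstrike0day.com", "crowdstrike-bsod.com",
    "crowdstrikedoomsday.com", "crowdstrikefix.com", "crowdstrikedown.site",
    "crowdstriketoken.com", "crowdstrikeupdate.com", "crowdstrike-helpdesk.com",
}
LEGIT_APEX = {"crowdstrike.com"}  # assumption: the only apex this check trusts

def apex(qname: str) -> str:
    # Lowercase, drop the trailing dot, keep the last two labels (enough for .com/.site).
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(qname: str) -> str:
    # "ioc": a listed domain; "suspicious": any other brand lookalike; "ok": everything else.
    a = apex(qname)
    if a in LOOKALIKE_DOMAINS:
        return "ioc"
    if a in LEGIT_APEX:
        return "ok"
    if "crowdstrike" in a.replace("-", ""):
        return "suspicious"
    return "ok"

def scan_dns_log(lines):
    # Constructed log format, not a real resolver's output: "<timestamp> <client_ip> <qname>".
    # Returns (client_ip, apex, verdict) for every non-"ok" query; malformed lines are skipped.
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue
        _ts, client, qname = fields
        verdict = classify(qname)
        if verdict != "ok":
            hits.append((client, apex(qname), verdict))
    return hits

# Constructed sample queries: one legitimate, two listed IoCs, one unlisted lookalike, one malformed.
SAMPLE_LOG = [
    "2024-07-20T09:01:02Z 10.0.0.12 falcon.crowdstrike.com.",
    "2024-07-20T09:01:05Z 10.0.0.12 www.crowdstrikefix.com.",
    "2024-07-20T09:02:11Z 10.0.0.33 CROWDSTRIKE-HELPDESK.COM",
    "2024-07-20T09:03:40Z 10.0.0.45 crowd-strike-recovery.net",
    "malformed line",
]

if __name__ == "__main__":
    for client, dom, verdict in scan_dns_log(SAMPLE_LOG):
        print(f"{verdict:<10} {client:<10} {dom}")
```

The apex() helper only keeps the last two labels, so names under multi-label suffixes such as co.uk would need a public-suffix list before this is used on real resolver logs.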

How to Stay Protected

  1. Verify Sources: Always ensure that the websites you visit and the software you download are from legitimate and verified sources. Do not trust links sent via unsolicited emails or messages.
  2. Use Multi-Factor Authentication (MFA): Implement MFA wherever possible to add an extra layer of security to your accounts.
  3. Update Security Software: Keep your antivirus and endpoint protection software up to date to detect and prevent the latest threats.
  4. Educate Employees: Conduct regular training sessions to educate employees about phishing attacks and the importance of verifying the legitimacy of emails and websites.
  5. Monitor Network Traffic: Keep a close watch on network traffic for any unusual activities that might indicate a compromise.

Conclusion

The CrowdStrike outage is a stark reminder of how quickly threat actors can exploit vulnerabilities and disruptions. By staying informed and vigilant, you can protect your systems and data from these malicious actors. At Cyvatar, we are committed to helping you navigate the complex cybersecurity landscape and stay ahead of emerging threats.

Stay secure with Cyvatar.
